Guest idgadmin, posted 1 January 2005
I've been hit by a home page hijacker. I've tried to remove it with lots of different programs, but it doesn't work. The home page is an about:blank that doesn't lead anywhere. Help!!!
927, posted 1 January 2005
Click Scan and then Save log: http://koti.mbnet.fi/pattaya1/HijackThis.exe
Guest idgadmin, posted 2 January 2005
I've tried that.... it doesn't help!!!
927, posted 2 January 2005
But you don't understand: once you've clicked Save log, you save it and then paste that log in here.
Guest idgadmin, posted 2 January 2005
OK, here comes the log:
927, posted 2 January 2005
Close the internet. Tick these in HJT:
O4 - HKLM\..\Run: [saap] c:\program files\winsys180\saap.exe
O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\image.dll
Then restart the computer and post a new log.
927, posted 2 January 2005
I forgot one thing: are you absolutely sure that it's the whole log you included above... Check carefully when you post the next log so that all of it is included. Use HijackThis version 1.99.
[post edited 2005-01-02 17:55:29 by 927]
Guest idgadmin, posted 2 January 2005
Here comes the next log.
927, posted 2 January 2005
Hmmm... Zipp, why don't I see the "info" and 023?
Close the internet and tick these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {2F14C428-91E6-4207-B041-1F6308AFB12C} - C:\WINDOWS\system32\fibf.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\syslr\mssearch.dll
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O18 - Filter: text/html - {444B1BA1-CD06-46FA-8673-22E888AA5502} - C:\WINDOWS\system32\fibf.dll
O18 - Filter: text/plain - {444B1BA1-CD06-46FA-8673-22E888AA5502} - C:\WINDOWS\system32\fibf.dll
O19 - User stylesheet: C:\WINDOWS\sample.txt (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\resj.dll
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} - C:\WINDOWS\System32\Qljdbfib.dll (file missing)
Restart in safe mode and delete fibf.dll, mssearch.dll and resj.dll if they are found. Restart and post a new log.
Zipp., posted 2 January 2005
>Hmmm... Zipp, why don't I see the "info" and 023?<
What do you mean by the "info"? You don't see this variant in 023 lines. The top part of the log is missing; I don't know which Windows we have here.
927, posted 2 January 2005
By the info I mean the MS and HJT info. Maybe it's 2k3...
What do you mean by: You don't see this variant in 023 lines.
Zipp., posted 2 January 2005
>By the info I mean the MS and HJT info<
Ahaa... now I get it. You have to save the log somewhere first, then copy it and paste it in.
>What do you mean by: You don't see this variant in 023 lines.<
I meant that this variant
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
is not seen in O23 - Service lines, but this variant is sometimes seen there
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zajic.dll/sp.html#37049
927, posted 2 January 2005
Hehe, yes, but the person asking has surely saved the log somewhere, otherwise it would be hard to post the log, right? I was thinking that maybe the info wasn't in the txt file either....
Oh, I hadn't thought of that. But I don't understand how it fits together... that is, how R1 can cause HJT not to show 023 service panda blabla
[post edited 2005-01-02 21:47:49 by 927]
Guest idgadmin, posted 2 January 2005
Right then.... here comes the log.
Thanking and bowing, curtsying and bobbing.......... the hijacker has vanished... touch wood. Hugs
927, posted 2 January 2005
The log is not OK! Not even 016 is gone... I'll be back shortly.
Zipp., posted 2 January 2005
Put HijackThis here in its own folder: C:/HjT/HijackThis.exe
Copy the top part of the log here, or tell us which Windows you have.
927, posted 2 January 2005
Let's try this: restart in safe mode, run HJT and fix these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://f10/cgi-bin/action.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\STORDA~1\LOKALA~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/svezia.exe
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O19 - User stylesheet: C:\WINDOWS\sample.txt (file missing)
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} - C:\WINDOWS\System32\Qljdbfib.dll (file missing)
Then restart and post a new log. Which operating system are you using?
Guest idgadmin, posted 2 January 2005
Here comes the next log.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
927, posted 2 January 2005
The 020 line is still there; it seems to be a tricky one. Let's try it this way:
start HJT > config > misc tool > delete file on reboot > select file > open > restart
So the file that has to go is resj.dll:
C:\WINDOWS\System32\resj.dll
It's a small chance, but the file may be used by some program. If you want, you can right-click > Properties > Version and check there what kind of file it is, etc.
[post edited 2005-01-02 23:33:02 by 927]
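The check the helper repeats after every fix in this thread (read the new log and see which suspicious lines survived the reboot), as an added Python example that is not part of the original posts or of HijackThis. The review rules are assumptions modelled on the lines ticked in this thread, not a complete detection list; the flagged sample lines are copied from the fix lists above and the "Example" lines are constructed benign entries.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RNFO]\d{1,2}) - (?P<detail>.*)$")


def parse_log(text):
    """Return (code, detail) pairs; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("detail")))
    return entries


def review_reasons(code, detail):
    """Reasons an entry deserves manual review (assumed rules, not a verdict)."""
    low = detail.lower()
    reasons = []
    if low.endswith("(file missing)"):
        reasons.append("points at a file that no longer exists")
    if code in ("R0", "R1"):
        value = low.partition(" = ")[2].strip()
        if value.startswith(("about:", "res://")):
            reasons.append("IE page setting is about: or a res:// DLL resource")
    elif code == "O2" and low.startswith("bho: (no name)"):
        reasons.append("unnamed Browser Helper Object")
    elif code == "O4" and "rundll32" in low:
        reasons.append("autostart entry loads a DLL through rundll32")
    elif code == "O16":
        # Text after the last " -" is the download source; it may be empty.
        source = low.rpartition(" -")[2].strip()
        if not source or source.endswith(".exe"):
            reasons.append("ActiveX download with no source or an .exe source")
    elif code == "O18" and re.match(r"filter: text/(html|plain)\b", low):
        reasons.append("filter hooked into text/html or text/plain")
    elif code == "O20" and detail.partition(":")[2].strip():
        reasons.append("DLL listed in AppInit_DLLs")
    return reasons


def flagged(text):
    """Map each flagged log line to its reasons, in log order."""
    result = {}
    for code, detail in parse_log(text):
        reasons = review_reasons(code, detail)
        if reasons:
            result[f"{code} - {detail}"] = reasons
    return result


def still_present(before, after):
    """Flagged lines of the earlier log that the later log still contains."""
    # Windows paths are case-insensitive, so compare lower-cased lines.
    later = {f"{code} - {detail}".lower() for code, detail in parse_log(after)}
    return [line for line in flagged(before) if line.lower() in later]


# Constructed sample: flagged lines come from the thread's fix lists,
# the "Example" lines are made-up benign entries.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\STORDA~1\LOKALA~1\Temp\sp.dll/sp.html
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program\Example\helper.dll
O2 - BHO: (no name) - {2F14C428-91E6-4207-B041-1F6308AFB12C} - C:\WINDOWS\system32\fibf.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program\Example\tray.exe
O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\image.dll,Install
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/svezia.exe
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O18 - Filter: text/html - {444B1BA1-CD06-46FA-8673-22E888AA5502} - C:\WINDOWS\system32\fibf.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\resj.dll
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} - C:\WINDOWS\System32\Qljdbfib.dll (file missing)
"""

# Constructed "after the fix" log: only the AppInit_DLLs line survived.
AFTER = r"""
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program\Example\tray.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\resj.dll
"""

if __name__ == "__main__":
    for line, reasons in flagged(BEFORE).items():
        print(line, "->", "; ".join(reasons))
    print("Still present after the fix:", still_present(BEFORE, AFTER))
```

A line that matches no rule is not thereby clean: the ShowSearch BHO ticked earlier in the thread, for example, would pass these rules and still needs a human reviewer.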
Archived
This topic is now archived and is closed to further replies.